roles.add("employee");
List<String> rolesList = new ArrayList<String>();
rolesList.add("manager");
MockCatalinaRequest request = new MockCatalinaRequest();
session.clear();
request.setSession(session);
request.addHeader("Referer", sales);
GenericPrincipal genericPrincipal = new GenericPrincipal(realm, "anil", "test", roles);
request.setUserPrincipal(genericPrincipal);
//We start the workflow with the sales application sending a logout request
String samlMessage = RedirectBindingUtil.deflateBase64Encode(createLogOutRequest(sales).getBytes());
request.setParameter("SAMLRequest", samlMessage);
MockCatalinaResponse response = new MockCatalinaResponse();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
response.setWriter(new PrintWriter(baos));
// The IDP is preloaded with 2 participants : "http://localhost:8080/sales/"
// and "http://localhost:8080/employee"
// Lets start the workflow with get
request.setMethod("GET");
idp.invoke(request, response);
String redirectStr = response.redirectString;
String destination = redirectStr.substring(0, redirectStr.indexOf(SAML_REQUEST_KEY) - 1);
String relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
String logoutRequest = redirectStr.substring(redirectStr.indexOf(SAML_REQUEST_KEY) + SAML_REQUEST_KEY.length(),
redirectStr.indexOf(RELAY_STATE_KEY) - 1);
InputStream stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutRequest);
SAML2Request saml2Request = new SAML2Request();
LogoutRequestType lor = (LogoutRequestType) saml2Request.getRequestType(stream);
assertEquals("Match Employee URL", employee, destination);
assertEquals("Destination exists", employee, lor.getDestination().toString());
// IDP has sent a LogOutRequest which we feed to SPRedirectFormAuthenticator for Employee
MockCatalinaContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
Thread.currentThread().setContextClassLoader(mclSPEmp);
MockCatalinaContext context = new MockCatalinaContext();
context.setRealm(realm);
session.setServletContext(context);
SPRedirectFormAuthenticator sp = new SPRedirectFormAuthenticator();
sp.setContainer(context);
sp.testStart();
sp.getConfiguration().setIdpUsesPostBinding(false);
request = new MockCatalinaRequest();
request.setSession(session);
request.setMethod("GET");
request.setParameter("SAMLRequest", RedirectBindingUtil.urlDecode(logoutRequest));
request.setParameter("RelayState", relayState);
MockCatalinaResponse filterResponse = new MockCatalinaResponse();
ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
filterResponse.setWriter(new PrintWriter(filterbaos));
sp.authenticate(request, response, new LoginConfig());
redirectStr = response.redirectString;
destination = redirectStr.substring(0, redirectStr.indexOf(SAML_RESPONSE_KEY) - 1);
relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
assertNotNull("RelayState exists", relayState);
String logoutResponse = redirectStr.substring(redirectStr.indexOf(SAML_RESPONSE_KEY) + SAML_RESPONSE_KEY.length(),
redirectStr.indexOf(RELAY_STATE_KEY) - 1);
stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
StatusResponseType statusResponse = (StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
assertEquals("Match IDP URL", IDP, destination);
// Now the SP (employee app) has logged out and sending a status response to IDP
Thread.currentThread().setContextClassLoader(mclIDP);
session.clear();
request.clear();
request.setMethod("GET");
request.setSession(session);
request.setUserPrincipal(genericPrincipal);
request.setParameter("SAMLResponse", RedirectBindingUtil.urlDecode(logoutResponse));
request.setParameter("RelayState", relayState);
baos = new ByteArrayOutputStream();
response.setOutputStream(baos);
response.setWriter(new PrintWriter(baos));
idp.invoke(request, response);
destination = redirectStr.substring(0, redirectStr.indexOf(SAML_RESPONSE_KEY) - 1);
relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
logoutResponse = redirectStr.substring(redirectStr.indexOf(SAML_RESPONSE_KEY) + SAML_RESPONSE_KEY.length(),
redirectStr.indexOf(RELAY_STATE_KEY) - 1);
stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
SAML2Response saml2Response = new SAML2Response();
statusResponse = (StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
assertEquals("Match IDP URL", IDP, destination);
// Now we should have got a full success report from IDP
MockCatalinaContextClassLoader mclSPSales = setupTCL(profile + "/sp/employee");
Thread.currentThread().setContextClassLoader(mclSPSales);
sp = new SPRedirectFormAuthenticator();
sp.setContainer(context);
sp.testStart();
session.clear();
request.clear();
request.setSession(session);
request.setUserPrincipal(genericPrincipal);
request.setParameter("SAMLResponse", RedirectBindingUtil.urlDecode(logoutResponse));
request.setParameter("RelayState", relayState);
request.setContext(context);
//IDP should now send the final logout response to Sales application who sent the original request
sp.authenticate(request, response, new LoginConfig());
//Ensure that at the IDP we do not have any participants in the session (both employee and sales are logged out)